Cryptographic Mechanisms for Internet Security

互联网安全的加密机制

• 批准号: 0129617
• 负责人: Mihir Bellare
• 金额: $ 21.86万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-03-01 至 2006-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0129617&HistoricalAwards=false
• 关键词: Cryptographic; Mechanisms; Internet; Security

The Internet has opened the door to new possibilities, but also brought with it new risks.Internet security is a widely recognized problem crossing the boundaries between mathematics,systems and sociology, and panaceas are unlikely. The goal of this proposal is to isolate andtarget a few components of the security problem that have real impact on Internet security inpractice and are well-defined enough that clear, documented, and identifiable progress can be madewithin the time-frame and resources of the project. The chosen problems relate to cryptographiccomponents of current and future Internet security protocols and standards, in technical areas suchas authentication, access control, privacy, key distribution and key compromise, and to bridgingthe gap between cryptography and systems security. Providing high-quality, cost-efective cryptographic mechanisms, and tying them together se-curely,is a challenge. Cryptographic schemes are easy to specify but hard to validate, and notoriousfor containing bugs that take a long time to be discovered. This proposal will employ the practice-oriented provable-security approach toimprove security guarantees of cryptographic mechansisms.Developed by Bellare and Rogaway, this approach already has a track record in delivering prac-tical cryptography backed by theoretical guarantees. Past successes of this method include theHMAC andOAEP algorithms which have been adopted by numerous standards bodies and widelyimplemented. The first two problems that we propose to address are related to the security of protocolssuch as SSL. The researchers propose to investigate the security ofa mechanism that is common practice butnot analyzed in theory, namely to use the same key for both asymmetric encryption and digitalsignatures. The researchers will seek to determine under what circumstances this is secure, with particularfocus on existing standards. The researchers will then propose to investigate the security of the session key exchange protocols at the heart of security protocols like SSL, TLS or that of 3GPP, building on pastwork in provable security for session key exchange. The greatest threat to the security the researcher may hope to obtain from some cryptographic mechanismmay simply be key exposure: an intruder breaks into the system and compromises the underlyingkey. This problem crosses the boundary between security and cryptography, and the next twoproblems proposed by the researcheris to consider two cryptographic approaches to it. The first is forward-security, whose goal is not to prevent key exposure, but to mitigate the damage it causes by making sure that past uses of a key are not compromised by its exposure. The researchers propose two specific pieces of research related to forward security, one in the domain of signatures and the other in the domainof pseudorandom number generation. The second problem relates to human-memorizable keys, orpasswords. These have the advantage of not being subject to key exposure via breakin, but haveother disadvantages, most notably being subject to dictionary attack. Several corporations haveproposed some form of server-aided, password-based authentication. The researcher looks into the security of some of the potential mechanisms to this end.

互联网为新的可能性打开了大门，但也带来了新的风险。互联网安全是一个跨越数学、系统和社会学界限的广泛认识的问题，不太可能有灵丹妙药。本提案的目标是隔离和瞄准在实践中对互联网安全有真实的影响的安全问题的几个组成部分，这些组成部分定义明确，足以在项目的时间框架和资源范围内取得清晰、记录和可识别的进展。所选问题涉及当前和未来互联网安全协议和标准的密码组件，在技术领域，如认证，访问控制，隐私，密钥分配和密钥泄露，以及弥合密码学和系统安全之间的差距。 提供高质量、高性价比的加密机制，并将它们安全地捆绑在一起，是一个挑战。加密方案很容易指定，但很难验证，并且以包含需要很长时间才能发现的错误而闻名。该方案将采用Bellare和Rogaway提出的面向实践的可证明安全方法来提高密码机制的安全性保证，该方法已经在提供理论保证支持的实用密码学方面取得了成功。这种方法过去的成功包括HMAC和OAEP算法，这些算法已被许多标准机构采用并广泛实施。 我们建议解决的前两个问题与SSL等协议的安全性有关。研究人员建议研究一种机制的安全性，这种机制是常见的实践，但没有在理论上进行分析，即对非对称加密和数字签名使用相同的密钥。研究人员将试图确定在什么情况下这是安全的，特别关注现有的标准。然后，研究人员将建议研究安全协议（如SSL，TLS或3GPP）核心的会话密钥交换协议的安全性，建立在会话密钥交换可证明安全性的基础上。 研究人员希望从某种加密机制中获得的最大安全威胁可能只是密钥暴露：入侵者闯入系统并泄露底层密钥。这个问题跨越了安全性和密码学之间的界限，研究人员提出的下两个问题是考虑两种密码学方法来解决这个问题。第一种是前向安全，其目标不是防止密钥暴露，而是通过确保过去使用密钥不会因其暴露而受到损害来减轻其造成的损害。研究人员提出了两个与前向安全相关的具体研究，一个在签名领域，另一个在伪随机数生成领域。第二个问题与人类记忆的密钥或密码有关。这些方法的优点是不容易通过闯入暴露密钥，但也有其他缺点，最明显的是容易受到字典攻击。一些公司已经提出了某种形式的服务器辅助的、基于密码的身份验证。为此，研究人员研究了一些潜在机制的安全性。